CN115664695B - A comprehensive assessment method based on the cyberspace security situation reflected by QR codes - Google Patents
- Publication number: CN115664695B
- Application number: CN202211030563.6A
- Authority: CN (China)
- Prior art keywords: security, cyberspace, network, factors, rate
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Description
Technical field
The invention belongs to the technical field of cyberspace security situation assessment, and in particular relates to a comprehensive method for assessing the cyberspace security situation as reflected by QR codes.
Background
With the development of the Internet, cyberspace is affecting every aspect of social life. Cyberspace security depends on information networks; network security and application security are necessary components of critical information infrastructure protection, and the network security of power industry infrastructure also bears on safeguarding people's livelihoods. Power industry units usually have multiple levels: by geographic region they can be divided into the head office, provincial companies, municipal companies, and district and county companies; by business they can be divided into main-business companies (for example, power transmission and power generation) and specialized-business companies (for example, scientific research and business development). With the development of science and technology, the cyberspace security situation,
How to intuitively evaluate the situation that a power industry unit and each of its subordinate units face in the field of cyberspace security is a technical problem for network security management departments. However, the interaction weights between the businesses in the hierarchy of multi-level power industry units are relatively complex, so when the cyberspace security work of power industry units with a complex hierarchy is evaluated, the mutual influence among the weights easily affects evaluation accuracy. There is therefore room for improvement.
Summary of the invention
The purpose of the invention is to solve the problem that it is difficult to intuitively evaluate the situation that a power industry unit and each of its subordinate units face in the field of cyberspace security, by proposing a comprehensive method for assessing the cyberspace security situation as reflected by QR codes.
To achieve this purpose, the invention adopts the following technical solution:
A comprehensive method for assessing the cyberspace security situation as reflected by QR codes, comprising the following steps:
S1. Determine the cyberspace security factors of units at each level, level by level through the unit hierarchy;
S2. Analyze the weights of the cyberspace security factors of units at each level, level by level through the unit hierarchy;
S3. Collect the cyberspace security factor data of units at each level, level by level through the unit hierarchy;
S4. Determine and display the cyberspace security situation of units at each level, level by level through the unit hierarchy;
Here, the weights of the cyberspace security factors of units at each level are adjusted according to level, so as to reflect their cyberspace security situation.
As a further description of the above technical solution:
The cyberspace security situation of a power industry unit is reflected by a network security QR code, and the network security QR code is generated from the corresponding cyberspace security factors.
As a further description of the above technical solution:
The cyberspace security factors include deduction-item factors and bonus-item factors, and the bonus-item factors are used to influence the judgment weight of the cyberspace security situation.
As a further description of the above technical solution:
The cyberspace security factors are divided into first-level cyberspace security factors and second-level cyberspace security factors;
The first-level cyberspace security factors are divided into security management factors, security construction factors, security operation factors and security effect factors;
The second-level cyberspace security factors for security management include: the completion rate of important network security tasks and the compliance rate of network security-related work;
The second-level cyberspace security factors for security construction include: the on-schedule rate of key construction projects and the on-schedule rate of key promotion projects;
The second-level cyberspace security factors for security operation include: the rectification rate of high-risk network security issues in the power system, the rectification rate of medium- and low-risk network security issues in the power system, the timely handling rate of power system network security alarms, the patch repair rate of power system hosts, the patch update compliance rate of power system terminals, the trend in high-risk network attacks, the completion rate of training plans for network security personnel, and the network security threat situation of the power system;
The second-level cyberspace security factors for security effect include: the average discovery rate of network security risks in external third-party audits, the average discovery rate of network security risks in self-inspection by internal operation and maintenance personnel, the average discovery rate of network security risks in internal audits, the winning rate in external network security attack-defense competitions, the winning rate in internal network security attack-defense competitions, the participation rate in internal network security attack-defense competitions, and the participation rate in internal network security emergency drills.
As a further description of the above technical solution:
The average discovery rate of network security risks in self-inspection by internal operation and maintenance personnel, the average discovery rate of network security risks in internal audits, the winning rate in external network security attack-defense competitions, the winning rate in internal network security attack-defense competitions, the participation rate in internal network security attack-defense competitions, and the participation rate in internal network security emergency drills are all bonus items.
As a further description of the above technical solution:
Within the cyberspace security situation of power industry units, the cyberspace security situation of a unit at a given level is composed of the cyberspace security situations of its subordinate units, and in turn forms part of the cyberspace security situation of its superior unit.
As a further description of the above technical solution:
Weight values can be set according to the importance of each subordinate unit of a given unit, to reflect how important each subordinate unit's cyberspace security situation is within the cyberspace security situation of its direct superior unit.
As a further description of the above technical solution:
The method for determining the weights of the cyberspace security factors of units at each level comprises determining the initial weights of the factors by the analytic hierarchy process (AHP), then checking consistency on the improved judgment matrix: the consistency index CI and the random consistency ratio CR are calculated and judged, and when consistency is found to be unacceptable, that is, when CR is greater than or equal to 1, the above adjustment steps are repeated.
As a further description of the above technical solution:
The improved matrix is obtained by using the Moody chart method to improve the matrix: once the elements to be compared, that is, the weight indicators, have been determined, a value is quickly and simply assigned to each pair of indicators in the judgment matrix, which yields the improved judgment matrix.
In summary, owing to the above technical solution, the beneficial effects of the invention are:
In the invention, an improved analytic hierarchy process is used to determine the initial weights of the cyberspace security factors of units at each level. This enables rapid matrix fitting of the indicators between the levels of a multi-level structure during decision-making, improves the rationality of the decision-making process, and avoids the "amplification effect" caused by pairs of indicators being reciprocals of each other. As regards the accuracy of the subsequent comprehensive evaluation, it helps to discover cyberspace security problems quickly and feed them back through QR codes, facilitates later proposals to adjust the network security factors, and improves the ability to judge the cyberspace security situation of basic power infrastructure. The method can be used to evaluate the cyberspace security situation of multiple units in the power industry, and provides the network security managers of the assessed units with a visual and quantitative reference for evaluation.
Description of the drawings
Figure 1 is a schematic flow chart of the comprehensive method proposed by the invention for assessing the cyberspace security situation as reflected by QR codes;
Figure 2 is a schematic flow chart of the adjustment of cyberspace security factors in the comprehensive method proposed by the invention for assessing the cyberspace security situation as reflected by QR codes;
Figure 3 is a schematic flow chart of determining the network security QR code from the cyberspace security factors in the comprehensive method proposed by the invention for assessing the cyberspace security situation as reflected by QR codes.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Referring to Figures 1-3, the invention provides a technical solution: a comprehensive assessment method that uses network security QR code technology to reflect the cyberspace security situation of multi-level power industry units, comprising the following steps: determining the cyberspace security factors of units at each level; collecting the cyberspace security factor data of units at each level; determining and displaying the cyberspace security situation of units at each level. The cyberspace security factors that make up the network security QR code of units at each level need to be adjusted according to actual conditions so as to reflect their cyberspace security situation, and the cyberspace security situation of units at each level needs to be determined level by level through the unit hierarchy.
The multi-level power industry units can be divided into the head office, provincial companies, municipal companies, district (or county) companies, related branches and related subsidiaries. Determining the cyberspace security factors of units at each level includes adding new cyberspace security factors, modifying existing cyberspace security factors, and deleting existing cyberspace security factors.
The method also includes an adjustment process for cyberspace security factors, comprising: adjustment proposal, solicitation of opinions, and adjustment decision. In the adjustment proposal step, the units taking part in the cyberspace security situation assessment put forward adjustment proposals and give specific adjustment suggestions in them. In the solicitation of opinions step, the units taking part in the cyberspace security situation assessment give their opinions. In the adjustment decision step, the decision-maker decides on the adjustment of the cyberspace security factors.
For one and the same network security issue A that affects B hosts in a first unit and C hosts in a second unit, when the rectification rate of high-risk network security issues in the power system or the rectification rate of medium- and low-risk network security issues in the power system is calculated for the two units, the number of network security issues counted is B and C respectively, not 1 (unless B and C are both 1). The number of assets involved must be taken into account in the same way when calculating the cyberspace security situation.
Average discovery rate of network security risks = ((number of assets involved in risk 1 / total number of assets that risk 1 may involve) + (number of assets involved in risk 2 / total number of assets that risk 2 may involve) + … + (number of assets involved in risk N / total number of assets that risk N may involve)) / N, where N is the number of risk types and risk 1, risk 2, …, risk N are different types of risk. The cyberspace security factors that use the average discovery rate of network security risks are: the average discovery rate of network security risks in external third-party audits, the average discovery rate of network security risks in self-inspection by internal operation and maintenance personnel (bonus item), and the average discovery rate of network security risks in internal audits (bonus item).
For a network security attack-defense competition GameA, the corresponding competition level weight is LevelA, the weights of the corresponding prize levels are PrizeA1, PrizeA2, …, PrizeAn, and the numbers of winners from unit Unit1 at those prize levels are WinnerNumberA1, WinnerNumberA2, …, WinnerNumberAn. The winning rate of unit Unit1 in competition A is then WinningRateOfGameA = ((PrizeA1 × WinnerNumberA1) + (PrizeA2 × WinnerNumberA2) + … + (PrizeAn × WinnerNumberAn)) / (WinnerNumberA1 + WinnerNumberA2 + … + WinnerNumberAn). For multiple network security attack-defense competitions GameA, GameB, …, GameM, whose competition level weights are GameWeightA, GameWeightB, …, GameWeightM respectively, the winning rate of unit Unit1 in network security attack-defense competitions = ((WinningRateOfGameA × GameWeightA) + (WinningRateOfGameB × GameWeightB) + … + (WinningRateOfGameN × GameWeightN)) / N. The cyberspace security factors that use the winning rate in network security attack-defense competitions are: the winning rate in external network security attack-defense competitions (bonus item) and the winning rate in internal network security attack-defense competitions (bonus item).
Participation rate = (number of participations / total number of times) × 100%. The cyberspace security factors that use the participation rate are: the participation rate in internal network security attack-defense competitions (bonus item) and the participation rate in internal network security emergency drills (bonus item).
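The factor formulas above, worked through on constructed sample data. This is an added example, not code from the patent; the function names and sample numbers are hypothetical, the rectification rate is assumed to be rectified instances divided by total instances (the page names the metric without a formula), and the divisor of the multi-competition formula is taken to be the number of competitions.

```python
"""Factor metrics from the description, computed on constructed sample data."""


def rectification_rate(issues):
    """issues: (affected_hosts, rectified_hosts) per issue within one unit.

    Asset-count rule from the text: an issue affecting B hosts counts as B
    issues. rate = rectified / total instances is an assumption (see lead-in).
    """
    total = fixed = 0
    for affected, rectified in issues:
        if affected < 0 or not 0 <= rectified <= affected:
            raise ValueError("rectified hosts must lie between 0 and affected hosts")
        total += affected
        fixed += rectified
    return fixed / total if total else None  # None: the unit has nothing to rectify


def average_discovery_rate(risks):
    """risks: (assets_involved, assets_possibly_involved) per risk type."""
    if not risks:
        raise ValueError("at least one risk type is required")
    ratios = []
    for involved, possible in risks:
        if possible <= 0 or not 0 <= involved <= possible:
            raise ValueError("involved assets must lie between 0 and possible assets")
        ratios.append(involved / possible)
    return sum(ratios) / len(ratios)


def winning_rate_of_game(prizes):
    """prizes: (prize_level_weight, winner_count) per prize level of one game."""
    winners = sum(count for _, count in prizes)
    if winners == 0:
        return 0.0  # no winners: avoid dividing by zero
    return sum(weight * count for weight, count in prizes) / winners


def competition_winning_rate(games):
    """games: (game_weight, prizes) per competition; divisor = number of games."""
    if not games:
        return 0.0
    return sum(gw * winning_rate_of_game(p) for gw, p in games) / len(games)


def participation_rate(participations, total):
    """Participation rate as a percentage."""
    if total <= 0 or not 0 <= participations <= total:
        raise ValueError("participations must lie between 0 and total")
    return participations / total * 100


# Constructed data: issue A affects 8 hosts in unit 1 (5 rectified) and 3 hosts
# in unit 2 (all rectified); each unit also has a second issue on 2 hosts.
UNIT1_ISSUES = [(8, 5), (2, 2)]
UNIT2_ISSUES = [(3, 3), (2, 2)]
AUDIT_RISKS = [(3, 10), (1, 4), (5, 5)]
GAMES = [
    (1.0, [(1.0, 1), (0.6, 2), (0.3, 2)]),  # GameA: weight, prize levels
    (0.5, [(1.0, 0), (0.6, 1)]),            # GameB
]

if __name__ == "__main__":
    print("unit 1 rectification rate:", rectification_rate(UNIT1_ISSUES))
    print("unit 2 rectification rate:", rectification_rate(UNIT2_ISSUES))
    print("average discovery rate:", average_discovery_rate(AUDIT_RISKS))
    print("competition winning rate:", competition_winning_rate(GAMES))
    print("participation rate (%):", participation_rate(3, 4))
```

Counting per issue rather than per host would give unit 1 a rate of 0.5 (one of two issues fully closed) instead of 0.7, which is the distortion the asset-count rule removes.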
Referring to Figure 1, the evaluation and display method comprises the following steps:
S100. Determine the cyberspace security factors of units at each level.
In one embodiment, the adjustment process for cyberspace security factors is as shown in Figure 2. Opinions may be solicited by discussion in a meeting, or collected and collated through an "Opinion Solicitation Form".
In one embodiment, the work covered by the compliance rate of network security-related work includes, but is not limited to: classified protection of network security, commercial cryptography application, trade secret protection, critical infrastructure protection, and information security risk assessment.
In one embodiment, the issues covered by the rectification rate of high-risk network security issues in the power system and the rectification rate of medium- and low-risk network security issues in the power system include: physical environment security issues where power system equipment is housed; network environment security issues involving network devices and security devices; host environment security involving servers, terminal devices and storage devices; application security issues involving application systems in information systems, application systems in industrial control systems, and middleware; data security issues involving data stored in the power system; and management security issues involving management policies and their execution records.
In one embodiment, the work covered by the timely handling rate of power system network security alarms includes, but is not limited to: network security-related alarms raised by the power system itself, and network security-related alarms raised by network security monitoring devices or systems. Network security monitoring devices or systems include, but are not limited to: environmental and power monitoring systems, temperature and humidity monitoring systems, intrusion prevention systems (IPS), intrusion detection systems (IDS), network audit systems, network traffic retrospective analysis systems, APT attack detection systems, honeypots, Internet behavior management devices, anti-virus gateways, host firewall software, host intrusion detection systems (HIDS), malicious code protection software, endpoint security response systems (EDR), application firewalls, data leakage prevention systems (DLP), database audit systems, database firewalls, application vulnerability monitoring systems, vulnerability scanning systems, unified threat management (UTM), security operations centers (SOC), security information and event management (SIEM) systems, and security situation awareness systems.
In one embodiment, power system hosts include, but are not limited to: servers of information systems and hosts of industrial control systems.
In one embodiment, a high-risk network attack is a network attack that exploits a weakness with a CVSS (Common Vulnerability Scoring System) score greater than or equal to 7.
In one embodiment, the trend in high-risk network attacks is obtained mainly by comparing the number of attacks with that of the previous period.
In one embodiment, the work covered by training of network security personnel includes, but is not limited to: network security awareness training, knowledge training and skills training, together with the related assessments, competitions and drills.
In one embodiment, the network security threat situation of the power system includes, but is not limited to: the CNCERT (National Internet Emergency Center) security index; inspections or exercises organized by superior units or industry regulators; network security threat intelligence circulated by superior units, industry regulators or other units in the industry; and network security incidents occurring in the industry.
S110. Determine the weights of the cyberspace security factors of units at each level.
In one embodiment, when the initial weights of the cyberspace security factors of units at each level are determined by the AHP method, the cyberspace security situation corresponds to layer A (the goal layer) of the AHP method, the first-level cyberspace security factors correspond to layer N (the system layer), and the second-level cyberspace security factors correspond to layer P (the strategy layer); see Table 1 for details. Judgment matrices are constructed: the indicators are compared pairwise by relative importance and, where the comparison can be refined further, values of 1 to 9 and their reciprocals are assigned according to T. L. Saaty's nine-level scale; the scale and its meaning are given in Table 2. For the N-layer judgment A~N, the corresponding judgment matrix is given in Table 3. For the P-layer judgments N~P, the corresponding judgment matrices are given in Tables 4 to 7.
In one embodiment, the consistency check proceeds as follows. For the A~N judgment matrix B, calculate the eigenvector ω that satisfies Bω = λmax ω (where λmax is the largest eigenvalue) and normalize it; its components are then the weight values of that layer. Calculate the largest eigenvalue (also called the largest characteristic root) λmax of the judgment matrix. Calculate the consistency index CI = (λmax − n)/(n − 1), where n is the number of rows of the judgment matrix, that is, the number of indicators in the layer. Calculate the random consistency ratio CR = CI/RI, where RI is the random consistency index; see Table 8. When CR is greater than or equal to 1, adjust the A~N judgment matrix and the N~P judgment matrices until CR is less than 1.
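The weight calculation and consistency check described above, as an added example that is not code from the patent. Assumptions: the judgment matrices are constructed for illustration, λmax is computed by power iteration, and the RI values are Saaty's commonly published ones because Table 8 is not reproduced on the page. The acceptance threshold is a parameter that defaults to the value the description states (CR below 1).

```python
"""AHP weights, CI and CR for a pairwise judgment matrix (constructed inputs)."""

# Saaty's commonly published random consistency index by matrix order n
# (assumption: stands in for the page's Table 8, which is not shown).
SAATY_RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
            6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def validate_judgment_matrix(b):
    """Require a square, positive, reciprocal matrix (b[j][i] == 1 / b[i][j])."""
    n = len(b)
    if n not in SAATY_RI:
        raise ValueError("matrix order must be between 1 and 9")
    for i in range(n):
        if len(b[i]) != n:
            raise ValueError("judgment matrix must be square")
        for j in range(n):
            if b[i][j] <= 0 or abs(b[i][j] * b[j][i] - 1.0) > 1e-9:
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")


def principal_eigen(b, max_iter=1000, tol=1e-12):
    """Power iteration: returns (lambda_max, weights normalized to sum to 1)."""
    n = len(b)
    w = [1.0 / n] * n
    for _ in range(max_iter):
        bw = [sum(b[i][j] * w[j] for j in range(n)) for i in range(n)]
        new_w = [x / sum(bw) for x in bw]
        converged = max(abs(x - y) for x, y in zip(new_w, w)) < tol
        w = new_w
        if converged:
            break
    # Because sum(w) == 1, sum(B w) equals lambda_max at convergence.
    lam = sum(sum(b[i][j] * w[j] for j in range(n)) for i in range(n))
    return lam, w


def ahp_consistency(b, threshold=1.0):
    """threshold=1.0 follows the description; Saaty's usual cut-off is 0.1."""
    validate_judgment_matrix(b)
    n = len(b)
    lam, w = principal_eigen(b)
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = SAATY_RI[n]
    cr = ci / ri if ri > 0 else 0.0
    return {"weights": w, "lambda_max": lam, "CI": ci, "CR": cr,
            "acceptable": cr < threshold}


# Constructed A~N matrix over N1..N4 (management, construction, operation, effect).
SAMPLE_A_N = [
    [1,     2,     1 / 2, 3],
    [1 / 2, 1,     1 / 3, 2],
    [2,     3,     1,     4],
    [1 / 3, 1 / 2, 1 / 4, 1],
]
# Constructed circular preferences: N1 > N2 > N3 > N1.
CYCLIC_MILD = [[1, 2, 1 / 2], [1 / 2, 1, 2], [2, 1 / 2, 1]]
CYCLIC_STRONG = [[1, 9, 1 / 9], [1 / 9, 1, 9], [9, 1 / 9, 1]]

if __name__ == "__main__":
    for name, m in [("A~N", SAMPLE_A_N), ("mild cycle", CYCLIC_MILD),
                    ("strong cycle", CYCLIC_STRONG)]:
        r = ahp_consistency(m)
        print(name, [round(x, 4) for x in r["weights"]],
              round(r["lambda_max"], 4), round(r["CR"], 4), r["acceptable"])
```

The mild circular matrix has CR of about 0.43, so it passes with the threshold of 1 stated in the description and fails with the 0.1 cut-off; whoever applies the method should fix the threshold explicitly rather than rely on a default.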
S120. Collect the cyberspace security factor data of units at each level.
In one embodiment, the cyberspace security factor data of units at each level is collected starting from the grassroots units and aggregated upward level by level. Data collection personnel at each level are responsible for data collection within their own remit, and each unit assigns a dedicated person to be responsible for the quality of its data.
S130. Determine and display the cyberspace security situation of units at each level.
In one embodiment, the cyberspace security situation of each unit is classified as a green code, a yellow code or a red code, determined from the cyberspace security factor data of units at each level; see Figure 3 for the specific process.
The comprehensive assessment method of the invention, which uses network security QR code technology to reflect the cyberspace security situation of multi-level power industry units, is further explained below with reference to an embodiment, as shown in Table 9. Table 10 gives a set of rules mapping the levels of network security attack-defense competitions to prize levels, used to determine the winning rate in external network security attack-defense competitions (bonus item) and the winning rate in internal network security attack-defense competitions (bonus item).
Table 1 Hierarchy of the cyberspace security factor system for units at each level
Table 2 Saaty's nine-level scale and its meaning
Table 3 A~N matrix
Table 4 N1~P matrix
Table 5 N2~P matrix
Table 6 N3~P matrix
Table 7 N4~P matrix
Table 8 Average random consistency index
Table 9 A classification of the cyberspace security situation and its determination rules
Table 10 Rules mapping the levels of network security attack-defense competitions to prize levels
The above is only a preferred specific embodiment of the invention, but the scope of protection of the invention is not limited to it. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the invention and according to its technical solution and inventive concept, shall fall within the scope of protection of the invention.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211030563.6A CN115664695B (en) | 2022-08-26 | 2022-08-26 | A comprehensive assessment method based on the cyberspace security situation reflected by QR codes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115664695A | 2023-01-31 |
CN115664695B | 2023-11-17 |
Family
ID=84984343
TWI482047B (en) * | 2012-11-06 | 2015-04-21 | Inst Information Industry | Information security audit method, system and computer readable storage medium for storing thereof |
Non-Patent Citations (3)
Title |
---|
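Research and application of an industrial SCADA security risk assessment method based on fuzzy analytic hierarchy process; Yang Xiao; Yang Li; Yang Zichun; Computer Applications and Software (No. 05); full text * |
Improved AHP target ranking based on the Moody chart method; Chen Qi; Journal of Naval Aeronautical Engineering Institute; Vol. 23 (No. 6); pp. 698-700 * |
Research on the application of fuzzy decision-making in network security assessment; Guan Xinguo; Wu Xiaogang; Fujian Computer (No. 12); full text * |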
Also Published As
Publication number | Publication date |
---|---|
CN115664695A (en) | 2023-01-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Rajan et al. | Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management | |
Li et al. | Analysis framework of network security situational awareness and comparison of implementation methods | |
CN107819771B (en) | Information security risk assessment method and system based on asset dependency relationship | |
CN105635112B (en) | Evaluation Method of Information System Security Performance | |
Hu et al. | Optimal network defense strategy selection based on incomplete information evolutionary game | |
CN111680863A (en) | Network environment safety condition evaluation method based on analytic hierarchy process | |
CN103400027A (en) | Risk assessment algorithm for information system | |
CN108833416A (en) | A SCADA system information security risk assessment method and system | |
CN107220549A (en) | Leak risk basal evaluation method based on CVSS | |
CN114629674A (en) | Attention mechanism-based industrial control network security risk assessment method | |
CN117614978A (en) | An information security communication management system for digital workshops | |
CN118264443A (en) | An adaptive intrusion response game system and method for data services under intrusion attacks | |
CN115664695B (en) | A comprehensive assessment method based on the cyberspace security situation reflected by QR codes | |
CN114022022A (en) | Industrial network security risk assessment method, device, equipment and storage medium | |
CN108805453A (en) | A kind of Network Abnormal safety evaluation method in power distribution network CPS based on AHP | |
CN117614698A (en) | A network security risk analysis method and system for power monitoring systems | |
CN118095823A (en) | A factor-correlated security risk assessment method for power Internet of Things | |
CN117749406A (en) | Method for evaluating B5G industrial Internet security in multiple dimensions | |
Wang et al. | RRDD: an ATT&CK-based ICS network security risk assessment method | |
CN115758387A (en) | Information security risk assessment method | |
CN115982711A (en) | Quantitative evaluation method for data security risk | |
CN114553517A (en) | Nonlinear weighted network security assessment method, device, equipment and storage medium | |
Chen et al. | Genetic Algorithm Application on the Risk Assessment for Accounting Resource Sharing Management | |
Yang et al. | Research on security self-defense of power information network based on artificial intelligence | |
CN111832958A (en) | A comprehensive energy information security risk analysis system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address |
Address after: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province Patentee after: Southern Power Grid Digital Grid Research Institute Co.,Ltd. Country or region after: China Address before: Room 406-86, No.1 Yichuang Street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province Patentee before: Southern Power Grid Digital Grid Research Institute Co.,Ltd. Country or region before: China |